MordecaiThe error "CERT_AUTHORITY_INVALID" comes from the fact that it is a self-signed certificate. Hence the "Authority" that issued the cert is not a known and established certificate authenticator. (authenticators are updated routinely in your browser without the users direct knowledge)

The connection is still secure, so long as you trust the site that you're dealing with, and with concern on what you are sharing. Would I share banking information with cap-cyber.org? no, but for encrypting user/pass and the like, which are unique to that site and only that site, sure.

Certs cost money, and I wouldn't begrudge a site the use of self signed certs so long as I know and trust the site. Additionally given the level of trust needed, adding the self signed cert to the allowed registry/repository on local machines would allow you to bypass the error.

If you were to use Firefox, you could easily add an exception to the error, while it would still show you invalid certificate iconography in the URL bar. (eg showing red or line through lock while having HTTPS displayed)

Google (ergo Chrome) is not the authority their statements purport them to be.

You and I might know there's no technical issue with a self signed cert, but it's difficult to assert a site as an authority on cyber defense training when it generates security warnings.

Logged

"Anyone can hold the helm when the seas are calm ... leadership is about weathering the storm."

The moment any commander or staff member considers themselves a gatekeeper, instead of a facilitator, they have failed at their job.I can't fix all of CAP's problems, but I can lead from the bottom by building my squadron as a center of excellence to serve as an example of what every unit can be.

My browser promotes webpages to https whenever available. Using proper certificates is a cybersecurity best practice that is completely free to do thanks to let's encrypt. If they don't want people using https, they should disable the service on the secure port.

I smell a lesson on self signed certicates coming on. I do encourage CyberPatriot leaders to create lessons on getting a certificate from a commercial CA or Let's Encrypt. We should encourage all webmasters to use TLS/SSL on their websites.